mirror of
https://github.com/wader/fq.git
synced 2024-12-23 13:22:58 +03:00
9852f56b74
What it can do:
- Decodes records and most standard messages and extensions.
- Decrypts records and reassembles application data stream if a keylog is provided and the cipher suite is supported.
- Supports most recommended and used ciphers and a bunch of older ones.

What it can't do:
- SSL v3 may be supported, is similar to TLS 1.0, not tested.
- Decryption and renegotiation/cipher change.
- Record defragmentation not supported, seems rare over TCP.
- TLS 1.3
- SSL v2 but v2 compat header is supported.
- Some key exchange messages not decoded yet

Decryption code is heavily based on golang crypto/tls and zmap/zcrypto.

Will be base for decoding http2 and other TLS based protocols.

Fixes #587

- ciphers
- dump-broken.pcapng
- dump-broken.pcapng.fqtest
- dump-broken.pcapng.keylog
- dump.pcapng
- dump.pcapng.keylog
- help_tls.fqtest
- ja3.fqtest
- ja3.jq
- README.md
- split.jq
- testtls.com.http1.1-tls1.2.pcap
- testtls.com.http1.1-tls1.2.pcap.fqtest
- testtls.com.http1.1-tls1.2.pcap.keylog
- to_tar.jq

dump.pcapng and dump-broken.pcapng were created by Peter Wu and come from https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9144.

dump.pcapng contains 73 TLS connections with different cipher suites. split.jq was used to split it into one pcap per connection, named after the cipher suite used.

dump-broken.pcapng is a broken SSL v3 capture that uses extensions. dump-broken.pcapng.keylog is not used yet.